A Plain Text on Crypto Policy

For the October, 1993 Electronic Frontier column in Communications of the ACM
by John Perry Barlow

The field of cryptography, for centuries accustomed to hermetic isolation within a culture as obscure as its own puzzles, is going public. People who thought algorithms were maybe something you needed to dig rap music are suddenly taking an active interest in the black arts of crypto.

We have the FBI and NSA to thank for this. The FBI was first to arouse public concerns about the future of digital privacy with its injection of language year before last into a major Senate anti-crime bill (SB 266) which would have registered the congressional intent that all providers of digitized communications should provide law enforcement with analog access to voice and data transmissions of their subscribers.

When this was quietly yanked in committee, they returned with a proposed bill called Digital Telephony. If passed, it would have essentially called a halt to most American progress in telecommunications until they could be assured of their continued ability to wiretap. Strange but true.

They were never able to find anyone in Congress technologically backward enough to introduce this oddity for them, but they did elevate public awareness of the issues considerably.

The National Security Agency, for all its (unknown but huge) budget, staff, and MIPS, has about as much real world political experience as the Order of Trappists and has demonstrated in its management of cryptology export policies the maddening counter-productivity that is the usual companion of inexperience.

The joint bunglings of these two agencies were starting to infuriate a lot of people and institutions who are rarely troubled by Large Governmental Foolishness in the Service of Paranoia. Along with all the usual paranoids, of course.

Then from the NSA's caverns in Fort Meade, Maryland there slouched a chip called Clipper.

For those of you who just tuned in (or who tuned out early), the Clipper Chip...now called Skipjack owing to a trademark conflict...is a hardware encryption device that NSA designed under Reagan-Bush. In April it was unveiled by the Clinton Administration and proposed for both governmental and public use. Installed in phones or other telecommunications tools, it would turn any conversation into gibberish for all but the speaker and his intended listener, using a secret military algorithm.

Clipper/Skipjack is unique, and controversial, in that it also allows the agents of government to listen under certain circumstances. Each chip contains a key that is split into two parts immediately following manufacture. Each half is then placed in the custody of some trusted institution or "escrow agent."

If, at some subsequent time, some government agency desires to legally listen in on the owner of the communications device in which the chip has been placed, it would present evidence of "lawful authority" to the escrow holders. They will reveal the key pairs, the agency will join them, and begin listening to the subject's unencrypted conversations.
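The split-and-join step described above, sketched as an added example (not part of the original column, and not the Clipper design itself). It assumes the key is split by XOR with a random pad, which the column does not specify; the key length, the chip serial number and the `EscrowAgent` class are constructed for illustration.

```python
import secrets
from collections import Counter

KEY_BYTES = 10  # constructed key length for this demo, not a figure from the column


def split_key(key: bytes) -> tuple:
    """Two-way split: one half is a random pad, the other is key XOR pad."""
    half_a = secrets.token_bytes(len(key))
    half_b = bytes(k ^ a for k, a in zip(key, half_a))
    return half_a, half_b


def join_halves(half_a: bytes, half_b: bytes) -> bytes:
    """What the agency does once both escrow holders have released their halves."""
    if len(half_a) != len(half_b):
        raise ValueError("halves differ in length")
    return bytes(a ^ b for a, b in zip(half_a, half_b))


def half_b_distribution(key_byte: int) -> Counter:
    """Every value half_b can take for a one-byte key, over all 256 possible pads."""
    return Counter(key_byte ^ pad for pad in range(256))


class EscrowAgent:
    """Hypothetical escrow holder: stores one half per chip serial number."""

    def __init__(self, name: str):
        self.name = name
        self._vault = {}

    def deposit(self, serial: str, half: bytes) -> None:
        self._vault[serial] = half

    def release(self, serial: str, lawful_authority: bool) -> bytes:
        # "Lawful authority" is undefined in the proposal; a boolean stands in for it.
        if not lawful_authority:
            raise PermissionError(f"{self.name}: no authority shown for {serial}")
        return self._vault[serial]

    def dump_vault(self) -> dict:
        """Models a compromised depository: every stored half, no authority check."""
        return dict(self._vault)


def manufacture_chip(serial: str, agent_1: EscrowAgent, agent_2: EscrowAgent) -> bytes:
    """Generate a chip key, split it, and deposit one half with each agent."""
    key = secrets.token_bytes(KEY_BYTES)
    half_a, half_b = split_key(key)
    agent_1.deposit(serial, half_a)
    agent_2.deposit(serial, half_b)
    return key  # lives in the chip; returned only so the demo can check results


def demo() -> dict:
    agent_1, agent_2 = EscrowAgent("agent-1"), EscrowAgent("agent-2")
    serial = "CHIP-0001"  # constructed serial number
    chip_key = manufacture_chip(serial, agent_1, agent_2)

    # Authorized path: both holders release their half, the agency joins them.
    recovered = join_halves(agent_1.release(serial, True),
                            agent_2.release(serial, True))

    # Both depositories compromised: the same join works with no authority at all.
    stolen = join_halves(agent_1.dump_vault()[serial], agent_2.dump_vault()[serial])

    return {
        "authorized_recovery_ok": recovered == chip_key,
        # A single half has the same distribution whatever the key is, so one
        # depository alone tells its holder nothing about the key.
        "one_half_is_uniform": half_b_distribution(0x00) == half_b_distribution(0xA7),
        "both_vaults_leak_key": stolen == chip_key,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Under this split the whole protection rests on the two depositories never failing together: one half alone is statistically independent of the key, while both halves together are the key.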

(Apparently there are other agencies besides law enforcement who can legally listen to electronic communications. The government has evaded questions about exactly who will have access to these keys, or for that matter, what, besides a judicial warrant, constitutes the "lawful authority" to which they continually refer.)

Clipper/Skipjack was not well received. The blizzard of anguished ASCII it summoned forth on the Net has been so endlessly voluble and so painstaking in its "How-many-Cray-Years-can-dance-on-the-head-of-a-Clipper-Chip" technical detail that I would guess all but the real cypherpunks are by now data-shocked into listlessness and confusion.

Indeed, I suspect that even many readers of this publication...a group with prodigious capacity for assimilating the arid and obscure...are starting to long for the days when their knowledge of cryptography and the public policies surrounding it was limited enough to be coherent.

So I almost hesitate to bring the subject up. Yet somewhere amid this racket, decisions are being made that will profoundly affect your future ability to communicate without fear. Those who would sacrifice your liberty for their illusions of public safety are being afforded some refuge by the very din of opposition.

In the hope of restoring both light and heat to the debate, I'm going to summarize previous episodes, state a few conclusions I've drawn about the current techno-political terrain, and recommend positions you might

When I first heard about Clipper/Skipjack, I thought it might not be such a bad idea. This false conclusion was partly due to the reality distorting character of the location...I was about fifty feet away from the Oval Office at the time...but it also seemed like one plausible approach to what may be the bright future of crime in the Virtual Age.

I mean, I can see what the Guardian Class is worried about. The greater part of business is already being transacted in Cyberspace. Most of the money is there. At the moment, however, most of the monetary bits in there are being accounted for. Accounting is digital, but cash is not.

It is imaginable that, with the widespread use of digital cash and encrypted monetary exchange on the Global Net, economies the size of America's could appear as nothing but oceans of alphabet soup. Money laundering would no longer be necessary. The payment of taxes might become more or less voluntary. A lot of weird things would happen after that...

I'm pretty comfortable with chaos, but this is not a future I greet without reservation.

So, while I'm not entirely persuaded that we need to give up our future privacy to protect ourselves from drug dealers, terrorists, child molesters, and un-named military opponents (the Four Horsemen of Fear customarily invoked by our protectors), I can imagine bogeymen whose traffic I'd want visible to authority.

Trouble is, the more one learns about Clipper/Skipjack, the less persuaded he is that it would do much to bring many actual Bad Guys under scrutiny.

As proposed, it would be a voluntary standard, spread mainly by the market forces that would arise after the government bought a few tons of these chips for their own "sensitive but unclassified" communications systems. No one would be driven to use it by anything but convenience. In fact, no one with any brains would use it if he were trying to get away with anything.

In fact, the man who claims to have designed Clipper's basic specs, Acting NIST Director Ray Kammer, recently said, "It's obvious that anyone who uses Clipper for the conduct of organized crime is dumb." No kidding. At least so long as it's voluntary.

Under sober review, there mounted an incredibly long list of reasons to think Clipper/Skipjack might not be a fully-baked idea. In May, after a month of study, the Digital Privacy and Security Working Group, a coalition of some 40 companies and organizations chaired by the Electronic Frontier Foundation (EFF), sent the White House 118 extremely tough questions regarding Clipper, any five of which should have been sufficient to put the kibosh on it.

The members of this group were not a bunch of hysterics. It includes DEC, Hewlett-Packard, IBM, Sun, MCI, Microsoft, Apple, and AT&T (which was also, interestingly enough, the first company to commit to putting Clipper/Skipjack in its own products).

Among the more troubling of their questions:

o Who would the escrow agents be?

o What are Clipper's likely economic impacts, especially in regard to export of American digital products?

o Why is its encryption algorithm secret and why should the public have confidence in a government-derived algorithm that can't be privately tested?

o Why is Clipper/Skipjack being ram-rodded into adoption as a government standard before completion of an over-all review of U.S. policies on cryptography?

o Assuming Clipper/Skipjack becomes a standard, what happens if the escrow depositories are compromised?

o Wouldn't these depositories also become targets of opportunity for any criminal or terrorist organization that wanted to disrupt U.S. law enforcement?

o Since the chip transmits its serial number at the beginning of each connection, why wouldn't it render its owner's activities highly visible through traffic analysis (for which government needs no warrant)?

o Why would a foreign customer buy a device that exposed his conversations to examination by the government of the United States?

o Does the deployment and use of the chip possibly violate the 1st, 4th, and 5th Amendments to the U.S. Constitution?

o In its discussions of Clipper/Skipjack, the government often uses the phrase "lawfully authorized electronic surveillance." What, exactly, do they mean by this?

o Is it appropriate to insert classified technology into either the public communications network or into the general suite of public technology standards?

And so on and so forth. As I say, it was a very long list. On July 29, John D. Podesta, Assistant to the President and White House Staff Secretary (and, interestingly enough, a former legal consultant to EFF and Co-Chair of the Digital Privacy Working Group), responded to these questions. He actually answered few of them.

Still un-named, undescribed, and increasingly unimaginable were the escrow agents. Questions about the inviolability of the depositories were met with something like, "Don't worry, they'll be secure. Trust us."

There seemed a lot of that in Podesta's responses. While the government had convened a panel of learned cryptologists to examine the classified Skipjack algorithm, it had failed to inspire much confidence among the crypto establishment, most of whom were still disinclined to trust anything they couldn't whack at themselves. At the least, most people felt a proper examination would take longer than the month or so the panel got. After all, it took fifteen years to find a hairline fissure in DES.

But neither Podesta nor any other official explained why it had seemed necessary to use a classified military algorithm for civilian purposes. Nor were the potential economic impacts addressed. Nor were the concerns about traffic analysis laid to rest.

But as Thomas Pynchon once wrote, "If they can get you asking the wrong questions, they don't have to worry about the answers." Neither asked nor answered in all of this was the one question that kept coming back to me: Was this trip really necessary?

For all the debate over the details, few on either side seemed to be approaching the matter from first principles. Were the enshrined threats...drug dealers, terrorists, child molesters, and foreign enemies...sufficiently and presently imperiling to justify fundamentally compromising all future transmitted privacy?

I mean...speaking personally now...it seems to me that America's greatest health risks derive from the drugs that are legal, a position the statistics overwhelmingly support. And then there's terrorism, to which we lost a total of two Americans in 1992 and, even with the World Trade Center bombing, only 6 in 1993. I honestly can't imagine an organized ring of child molesters, but I suppose one or two might be out there. And the last time we got into a shooting match with another nation, we beat them by a kill ratio of about 2300 to 1.

Even if these are real threats, was enhanced wire-tap the best way to combat them? Apparently, it hasn't been in the past. Over the last ten years the average total nation-wide number of admissible state and federal wire-taps has numbered less than 800. Wire-tap is not at present a major enforcement tool, and is far less efficient than the informants, witnesses, physical evidence, and good old fashioned detective work they usually rely on.

(It's worth noting that the World Trade Center bombing case unraveled, not through wire-taps, but with the discovery of the axle serial number on the van which held the explosives.)

Despite all these questions, both unasked and unanswered, Clipper continues (at the time of this writing) to sail briskly toward standardhood, the full wind of government bearing her along.

On July 30, NIST issued a request for public comments on its proposal to establish Clipper/Skipjack as a Federal Information Processing Standard (FIPS). All comments are due by September 28, and the government seems unwilling to delay the process despite the lack of an overall guiding policy on crypto. Worse, they are putting a hard sell on Clipper/Skipjack without a clue as to who might be escrow holders upon whose political acceptability the entire scheme hinges. Nor have they addressed the central question: why would a criminal use a key escrow device unless he were either very stupid...in which case he'd be easily caught anyway...or simply had no choice.

All this leads me to an uncharacteristically paranoid conclusion:

The Government May Mandate Key Escrow Encryption and Outlaw Other Forms.

It is increasingly hard for me to imagine any other purpose for the Clipper/Skipjack operetta if not to prepare the way for the restriction of all private cryptographic uses to a key escrow system. If I were going to move the American people into a condition where they might accept restrictions on their encryption, I would first engineer the wide-spread deployment of a key escrow system on a voluntary basis, wait for some blind sheik to slip a bomb plot around it and then say, "Sorry, folks, this ain't enough, it's got to be universal."

Otherwise, why bother? Even its most ardent proponents admit that no intelligent criminal would trust his communications to a key escrow device. On the other hand, if nearly all encrypted traffic were Skipjack-flavored, any transmission encoded by some other algorithm would stick out like a licorice Dot.

In fact, the assumption that Cyberspace will roar one day with Skipjack babble lies behind the stated reason for the secrecy of the algorithm. In their Interim Report, the Skipjack review panel puts it this way:

Disclosure of the algorithm would permit the construction of devices that fail to properly implement the LEAF [or Law Enforcement Access Field], while still interoperating with legitimate SKIPJACK devices. Such devices would provide high quality cryptographic security without preserving the law enforcement access capability that distinguishes this cryptographic initiative.

In other words, they don't want devices or software out there that might use the Skipjack algorithm without depositing a key with the escrow holders. (By the way, this claim is open to question. Publishing Skipjack would not necessarily endow anyone with the ability to build an interoperable chip.)

Then there was the conversation I had with a highly-placed official of the National Security Council in which he mused that the French had, after all, outlawed the private use of cryptography, so it wasn't as though it couldn't be done. (He didn't suggest that we should also emulate France's policy of conducting espionage on other countries' industries, though wide-spread international use of Clipper/Skipjack would certainly enhance our ability to do so.)

Be that as it may, France doesn't have a Bill of Rights to violate, which it seems to me that restriction of cryptography in America would do on several counts.

Mandated encryption standards would fly against the First Amendment, which surely protects the manner of our speech as clearly as it protects the content. Whole languages (most of them patois) have arisen on this planet for the purpose of making the speaker unintelligible to authority. I know of no instance where, even in the oppressive colonies where such languages were formed, the slave-owners banned their use.

Furthermore, the encryption software itself is written expression, upon which no ban may be constitutionally imposed. (What, you might ask then, about the constitutionality of restrictions on algorithm export? I'd say they're being allowed only because no one ever got around to testing from that angle.)

The First Amendment also protects freedom of association. On several different occasions, most notably NAACP v. Alabama ex rel. Patterson and Talley vs. California, the courts have ruled that requiring the disclosure of either an organization's membership or the identity of an individual could lead to reprisals, thereby suppressing both association and speech. Certainly in a place like Cyberspace where everyone is so generally "visible," no truly private "assembly" can take place without some technical means of hiding the participants.

It also looks to me as if the forced imposition of a key escrow system might violate the Fourth and Fifth Amendments.

The Fourth Amendment prohibits secret searches. Even with a warrant, agents of the government must announce themselves before entering and may not seize property without informing the owner. Wire-taps inhabit a gray-ish area of the law in that they permit the secret "seizure" of an actual conversation by those actively eavesdropping on it. The law does not permit the subsequent secret seizure of a record of that conversation. Given the nature of electronic communications, an encryption key opens not only the phone line but the filing cabinet.

Finally, the Fifth Amendment protects individuals from being forced to reveal self-incriminating evidence. While no court has ever ruled on the matter vis a vis encryption keys, there seems something involuntarily self-incriminating about being forced to give up your secrets in advance. Which is, essentially, what mandatory key escrow would require you to do.

For all these protections, I keep thinking it would be nice to have a constitution like the one just adopted by our largest possible enemy, Russia. As I understand it, this document explicitly forbids governmental restrictions on the use of cryptography.

For the moment, we have to take our comfort in the fact that our government...or at least the parts of it that state their intentions...avows both publicly and privately that it has no intention to impose key escrow cryptography as a mandatory standard. It would be, to use Podesta's mild word, "imprudent."

But it's not Podesta or anyone else in the current White House who worries me. Despite their claims to the contrary, I'm not convinced they like Clipper any better than I do. In fact, one of them...not Podesta...called Clipper "our Bay of Pigs," referring to the ill-fated Cuban invasion cooked up by the CIA under Eisenhower and executed (badly) by a reluctant Kennedy Administration. The comparison may not be invidious.

It's the people I can't see who worry me. These are the people who actually developed Clipper/Skipjack and its classified algorithm, the people who, through export controls, have kept American cryptography largely to themselves, the people who are establishing in secret what the public can or cannot employ to protect its own secrets. They are invisible and silent to all the citizens they purportedly serve save those who sit on the Congressional intelligence committees.

In secret, they are making for us what may be the most important choice that has ever faced American democracy, that is, whether our descendants will lead their private lives with unprecedented mobility and safety from coercion, or whether every move they make, geographic, economic, or amorous, will be visible to anyone who possesses whatever may then constitute "lawful authority."

Who Are the Lawful Authorities?

Over a year ago, when I first fell down the rabbit hole into Cryptoland, I wrote a Communications column called Decrypting the Puzzle Palace. In it, I advanced what I then thought a slightly paranoid thesis, suggesting that the NSA-guided embargoes on robust encryption software had been driven not by their stated justification (keeping good cryptography out of the possession of foreign military adversaries) but rather by restricting its use by domestic civilians.

In the course of writing that piece, I spoke to a number of officials, including former CIA Director Stansfield Turner and former NSA Director Bobby Ray Inman, who assured me that using a military organization to shape domestic policy would be "injudicious" (as Turner put it), but no one could think of any law or regulation that might specifically prohibit the NSA from serving the goals of the Department of Justice.

But since then I've learned a lot about the hazy Post-Reagan/Bush lines between law enforcement and intelligence. They started redrawing the map of authority early in their administration with Executive Order 12333, issued on December 4, 1981. (Federal Register #: 46 FR 59941)

This sweeping decree defines the duties and limitations of the various intelligence organizations of the United States and contains the following language:

1.4 The Intelligence Community. The agencies within the Intelligence Community shall...conduct intelligence activities necessary for the... protection of the national security of the United States, including: ...

(c) Collection of information concerning, and the conduct of activities to protect against, intelligence activities directed against the United States, international terrorist and international narcotics activities, and other hostile activities directed against the United States by foreign powers, organizations, persons, and their agents; (Italics Added)

Further, in Section 2.6, Assistance to Law Enforcement Authorities, agencies within the Intelligence Community are authorized to...participate in law enforcement activities to investigate or prevent clandestine intelligence activities by foreign powers, or international terrorist or narcotics activities.

In other words, the intelligence community was specifically charged with investigative responsibility for international criminal activities in the areas of drugs and terrorism.

Furthermore, within certain fairly loose guidelines, intelligence organizations are "authorized to collect, retain or disseminate information concerning United States persons" that may include "incidentally obtained information that may indicate involvement in activities that may violate federal, state, local or foreign laws."

Given that the NSA monitors a significant portion of all the electronic communications between the United States and other countries, the opportunities for "incidentally obtaining" information that might incriminate Americans inside America are great.

Furthermore, over the course of the Reagan/Bush administration, the job of fighting the War on Some Drugs gradually spread to every element of the Executive Branch.

Even the Department of Energy is now involved. At an Intelligence Community conference last winter I heard a proud speech from a DOE official in which he talked about how some of the bomb-designing supercomputers at Los Alamos had been turned to the peaceful purpose of sifting through huge piles of openly available data...newspapers, courthouse records, etc....in search of patterns that would expose drug users and traffickers. They are selling their results to a variety of "lawful authorities," ranging from the Southern Command of the U.S. Army to the Panamanian Defense Forces to various County Sheriff's Departments.

"Fine," you might say, "Drug use is an epidemic that merits any cure." But I would be surprised if there's anyone who will read this sentence who has broken no laws whatever. And it's anybody's guess what evidence of other unlawful activities might be "incidentally obtained" by such a wide net as DOE is flinging.

The central focus that drugs and terrorism have assumed within the intelligence agencies was underscored for me by a recent tour of the central operations room at the CIA. There, in the nerve center of American intelligence, were desks for Asia, Europe, North America, Africa and "Middle East/Terrorism," and "South America/Narcotics." These bogeymen are now the size of continents on the governmental map of peril.

Given this perception of its duties, the NSA's strict opposition to the export of strong cryptographic engines, hard or soft, starts to make more sense. They are not, as I'd feared, so clue-impaired as to think their embargoes are denying any other nation access to good cryptography. (According to an internal Department of Defense analysis of crypto policy, it recently took 3 minutes and 14 seconds to locate a source code version of DES on the Internet.)

Nor do they really believe these policies are enhancing national security in the traditional, military sense of the word, where the U.S. is, in any case, already absurdly over-matched to any national adversary, as was proven during the Gulf War.

It's the enemies they can't bomb who have them worried, and they are certainly correct in thinking that the communications of drug traffickers and whatever few terrorists may actually exist are more open to their perusal than would be the case in a world where even your grandmother's phone conversations were encrypted.

And Clipper or no Clipper, such a world would be closer at hand if manufacturers hadn't known that any device that embodies good encryption would not be fit for export.

But with Clipper/Skipjack, there is a lot that the combined forces of government will be able to do to monitor all aspects of your behavior without getting a warrant. Between the monitoring capacities of the NSA, the great data-sieves of the Department of Energy, and the fact that, in use, each chip would continually broadcast the whereabouts of its owner, the government would soon be able to isolate just about every perpetrator among us.

I assume you're neither a drug-user nor a terrorist, but are you ready for this? Is your nose that clean? Can it be prudent to give the government this kind of corrupting power?

I don't think so, but this is what will happen if we continue to allow the secret elements of government to shape domestic policy as though the only American goals that mattered were stopping terrorism (which seems pretty well stopped already) and winning the War on Some Drugs (which no amount of force will ever completely win).

Unfortunately, we are not able to discuss priorities with the people who are setting them, nor do they seem particularly amenable to any form of authority. In a recent discussion with a White House official, I asked for his help in getting the NSA to come out of its bunker and engage in direct and open discussions about crypto embargoes, key escrow, the Skipjack algorithm, and the other matters of public interest.

"I'll see what we can do," he said.

"But you guys are the government," I protested. "Surely they'll do as you tell them."

"I'll see what we can do," he repeated, offering little optimism.

That was months ago. In the meantime, the NSA has not only remained utterly unforthcoming in public discussions of crypto policy, they have unlawfully refused to comply with any Freedom of Information Act requests for documents in this area.

It is time for the public to reassert control over their own government. It is time to demand that public policy be made in public by officials with names, faces, and personal accountability.

When and if we are able to actually discuss crypto policy with the people who are setting it, I have a list of objectives that I hope many of you will share. They are as follows:

1. There should be no law restricting any use of cryptography by private citizens.

2. There should be no restriction on the export of cryptographic algorithms or any other instruments of cryptography.

3. Secret agencies should not be allowed to drive public policies.

4. The taxpayer's investment in encryption technology and related mathematical research should be made available for public and scientific use.

5. The government should encourage the deployment of wide-spread encryption.

6. While key escrow systems may have purposes, none should be implemented that places the keys in the hands of government.

7. Any encryption standard to be implemented by the government should be developed in an open and public fashion and should not employ a secret algorithm.

And last, or perhaps, first...

8. There should be no broadening of governmental access to private communications and records unless there is a public consensus that the risks to safety outweigh the risks to liberty and will be effectively addressed by these means.

If you support these principles, or even if you don't, I hope you will participate in making this a public process. And there are a number of actions you can take in that regard.

The National Institute of Standards and Technology (NIST) has issued a request for public comments on its proposal to establish the "Skipjack" key-escrow system as a Federal Information Processing Standard. You've got until September 28 to tell them what you think of that. Comments on the NIST proposal should be sent to:

If you belong to or work for an organization, you can encourage that organization to join the Digital Privacy Working Group. To do so they should contact EFF's Washington office at:
Electronic Frontier Foundation
1001 G Street, NW
Suite 950 East
Washington, DC 20001
202/347-5400
Fax 202/393-5509
eff@eff.org

I also encourage individuals interested in these issues to either join EFF, Computer Professionals for Social Responsibility, or one of the related local organizations which have sprung up around the country. For the addresses of a group in your area, contact EFF.